As we know, within an Autonomous System, two-level labels are used to forward packets, and tag switching (LDP/TDP) should be enabled on all the interfaces on each router (P and PE). But on the Inter-AS link between the Autonomous Systems, tag switching (LDP/TDP) is not required. I have demonstrated this from the documents and the lab. As we can see, between the Autonomous Systems, there is still a single level of labelling (eBGP VPN label) used to forward packets. So my question is: why is tag switching (LDP/TDP) not required on the Inter-AS link?
All the information the ASBRx needs in order to forward a packet
to the neighbor AS is next-hop information and a label to reach the neighbor
AS vpnv4 prefix.
- Next-hop info is provided via direct MP-eBGP, like in "plain eBGP" (not multihop; this is a case where you must use TDP or static in order to reach the next hop). The next hop is the IP address of the ASBRy to ASBRx link.
- The label for the destination vpnv4 prefix (which is stored in ASBRx's BGP table) is provided by MP-eBGP along with the prefix. The ASBRy rewrites the MPLS label before advertising it to ASBRx.
Thus the ASBRx forwards a packet to the neighbor ASBRy with only the "vpn" label attached, and the neighbor ASBRy forwards to its neighbor PE (within the same AS) the same packet with a label provided by TDP (now we have multi-level labeling of a "vpn" label and a TDP label). If the destination VPN (VRF) was attached on the ASBRy, there would be no TDP label for the packet, therefore no multi-level labeling.
I understand why there is no multi-level labeling between ASBRs and the role the ASBR plays. But my question is: when the ASBR receives a packet with a label in its header on an interface on which tag switching is not enabled, the packet should be considered an illegal packet by the ASBR and be dropped because its header is not a normal IPv4 header. This is the case when there is a path with tag switching not enabled in the MPLS backbone: the MPLS VPN traffic will have problems transiting through this path. But why aren't there any problems for the ASBR?
From the implementation point of view, the router enables the switching of tagged packets on the "inter-AS interface" as soon as you activate the address family for the MP-eBGP peering. You can do a show tag-switch interface x detail to see this.
I guess this makes the ASBR capable of label forwarding on this specific interface.
From the "sh tag int", I can see tag switching was enabled only on the ASBR--P link, and from the "sh tag tdp nei", a neighbor was found only on the ASBR--P link. In addition, from the document, if we don't activate the vpnv4 address family for the MP-eBGP peering to advertise the label, we use "neighbor x.x.x.x send-label" to distribute the labels along with IPv4 routes. LDP/TDP still need not be enabled on the Inter-AS link.
This is because the ASBRs follow a technique called LSP stitching. The entire VPN path is broken into two LSPs and they are stitched together at the AS boundaries. In fact, a new VPN label is allocated at the AS boundaries for the other AS to use. It then keeps track of this mapping and does the LSP stitching in the forwarding plane.
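
The label handling described in the replies above, as an added Python example that is not part of the original thread and is not Cisco code. The `Asbr` class, the router names, the prefix and every label value are constructed for illustration. It models ASBRy allocating a new VPN label, advertising it over MP-eBGP, and stitching on receipt, so a label it never advertised has no forwarding entry and is dropped.

```python
# Added example: toy model of the ASBR label handling described in the thread.
# Router names, prefixes and label values are constructed sample data.
from itertools import count


class Asbr:
    def __init__(self, name, first_label=100):
        self.name = name
        self._alloc = count(first_label)  # local label allocator
        self.lfib = {}  # local VPN label -> (PE's VPN label, PE name)
        self.tdp = {}   # PE name -> label learned via TDP/LDP inside the AS

    def readvertise(self, prefix, pe_label, pe):
        """Take a VPNv4 route from an internal PE, allocate a new VPN label,
        remember the mapping and return the MP-eBGP update for the peer ASBR."""
        local = next(self._alloc)
        self.lfib[local] = (pe_label, pe)
        return {"prefix": prefix, "label": local, "next_hop": self.name}

    def forward_from_peer(self, stack):
        """Handle a labelled packet from the inter-AS link (top label first)."""
        if not stack or stack[0] not in self.lfib:
            return None  # label this ASBR never advertised: drop
        pe_label, pe = self.lfib[stack[0]]
        # Stitch: swap to the PE's VPN label, then push the TDP label to the PE.
        return [self.tdp[pe], pe_label] + stack[1:]


def peer_imposes(update):
    """Peer ASBR side: only the BGP-learned VPN label goes on the inter-AS link."""
    return [update["label"]]


def demo():
    asbr_y = Asbr("ASBRy")
    asbr_y.tdp["PEy"] = 17                       # TDP label toward PEy
    update = asbr_y.readvertise("65002:1:10.1.1.0/24", pe_label=30, pe="PEy")
    on_link = peer_imposes(update)               # single label between the ASes
    inside = asbr_y.forward_from_peer(on_link)   # two labels inside the AS
    unknown = asbr_y.forward_from_peer([999])    # never advertised by ASBRy
    return update["label"], on_link, inside, unknown


if __name__ == "__main__":
    print(demo())
```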